
Europe Simulates Total Cyber War

Soulskill posted more than 3 years ago | from the matthew-broderick-won dept.

Communications 80

Tutter writes with this quote from the BBC: "The first-ever cross-European simulation of an all out cyber attack was planned to test how well nations cope as the attacks slow connections. The simulation steadily reduced access to critical services to gauge how nations react. The exercise also tested how nations work together to avoid a complete shut-down of international links. Neelie Kroes, European commissioner for the digital agenda, said the exercise was designed to test preparedness and was an 'important first step towards working together to combat potential online threats to essential infrastructure.' The exercise is intended to help expose short-comings in existing procedures for combating attacks. As the attacks escalated, cyber security centers had to find ever more ways to route traffic through to key services and sites. The exercise also tested if communication channels, set up to help spread the word about attacks, were robust in the face of a developing threat and if the information shared over them was relevant."

80 comments

This EU commission... (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#34147780)

looks to me as the most expensive club for mass masturbation. The crown of achievement of the (Western) Civilization. Sheesh.

Exercise FAQ (3, Informative)

zrbyte (1666979) | more than 3 years ago | (#34147842)

Find it here. [europa.eu]

Re:Exercise FAQ (0)

Anonymous Coward | more than 3 years ago | (#34148454)

I see what you are trying there, sneaky bastard! I won't participate in this DDoS.

Re:Exercise FAQ (1)

davester666 (731373) | more than 3 years ago | (#34148720)

Really, how much can guns that are tiny enough to fit through those crazy little tubes hurt us?

Re:Exercise FAQ (0)

Anonymous Coward | more than 3 years ago | (#34148762)

A lot, if there's a truckful of them.

ISPs in my country (2, Funny)

TheLink (130905) | more than 3 years ago | (#34147844)

So that explains it now.

The ISPs in my country have obviously been preparing us for years of cyberwar.

Re:ISPs in my country (0)

Anonymous Coward | more than 3 years ago | (#34147986)

Virgin Media customers in the UK didn't notice any difference either.

A strange game. (0)

Anonymous Coward | more than 3 years ago | (#34147856)

It's Europe. Wouldn't you think they'd prefer a nice game of chess?

Shall we play a game? (2, Funny)

CityZen (464761) | more than 3 years ago | (#34147860)

Love to. How about Global Cyber Internet War?

Re:Shall we play a game? (0)

Anonymous Coward | more than 3 years ago | (#34148134)

not your personal army.

also if candleja

Re:Shall we play a game? (0)

Anonymous Coward | more than 3 years ago | (#34153496)

Don't bother, they're too young here to get the reference... Get off my lawn etc.

Everything was fine... (1)

ducomputergeek (595742) | more than 3 years ago | (#34147864)

Until prompted at the terminal whether they wanted to play global thermal nuclear war....

Re:Everything was fine... (1)

zhong-guo-1 (1929014) | more than 3 years ago | (#34151818)

I didn't read your post, it was just the first one with a score above 2. I didn't read the article, I didn't even read the summary! However, here I sit and will tell you exactly what the article said. European government cooperated in testing their systems. They hired top notch people. When it was said and done, they found that severe work needed to be done to secure the systems in preparation for future threats. The article also manages to embarrass a government agency due to their incompetence. While the systems are holding up ok for now, it's just a matter of time before the whole thing comes crashing down at the feet of cyber terrorists. How'd I do?

cyber attacks are launched from botnets, ergo... (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34147884)

Since cyber attacks are launched from pwned machines, what is needed is:

(1) More diversity. We need around 5 major OS families with roughly equal market share, not one with 90% and a few others begging for scraps. Lack of genetic diversity makes life much easier for botnets and malware.

(2) We need people to start taking ownership for their machines. Running random shit that random untrusted web sites thrust at you (whether exes or just scripts used as an attack vector) is just idiotic, and people have got to start realizing this. I'm not sure how to do that. Any possible way I can think of seems inherently evil because it would do things like cut infected people off the net until they fix their box. And *that* means granting more control and central authority over the net to powers that can use it for evil as well as good. Anyway *everyone* surfing the web should be whitelisting scripts from important and trusted sites and running *no others*. Not doing that is a primary reason there are so many pwnd boxes.

Maybe we need a cultural change. We (tech geeks) need to start exerting pressure on our non-tech friends and family to not fall into the digital tragedy of the commons. No one feels like securing their own machine because, well, it's just one infected machine, and alone can't cause great harm. But when it's millions of them, they *can* piss in our collective cheerios.

Re:cyber attacks are launched from botnets, ergo.. (1)

grumbel (592662) | more than 3 years ago | (#34148334)

(2) We need people to start taking ownership for their machines.

No, we need OS that don't give every app access to the full system. Why is there no OS today that allows you to run an application in an isolated sandbox? Why should running an .exe be less safe than running a Flash or Javascript app? There simply isn't any good reason why things are so fucked up, it's just historic ballast from the pre-Internet age, back when nobody cared about safety.

I'm not sure how to do that.

Yeah, because it *DOESN'T WORK*. And heck, even if it would work, people have absolutely no way to tell a fraudulent app from a proper one other than a good guess.

Maybe we need a cultural change.

Yeah, but one in the heads of the OS designers, so that they design their security so that it actually works for the random Joe User, not just for the professional admin that spends 10 hours a day configuring his machines.

Re:cyber attacks are launched from botnets, ergo.. (0)

Anonymous Coward | more than 3 years ago | (#34148402)

> Why is there no OS today that allows you to run an application in an isolated sandbox

What do you mean? That ability is available today and has been for some time.

Re:cyber attacks are launched from botnets, ergo.. (1)

grumbel (592662) | more than 3 years ago | (#34148432)

What do you mean? That ability is available today and has been for some time.

Where? Every OS has a "Run as Administrator"/"Run as Root", but I have yet to see one that has a "Run in Sandbox". Sure you can build a sandbox with chroot or do some stuff with virtualisation, but that is hardly practical for average Joe and would probably give a bunch of trouble when it comes to the GPU.

Re:cyber attacks are launched from botnets, ergo.. (1, Informative)

Anonymous Coward | more than 3 years ago | (#34148610)

A combination of AppArmor (which has no GPU issues) and for very dangerous things a VM (which does, but can still run light to moderate 3D workloads) works a treat. The rollback button in the VM is a mere mouseclick away. My grandmother could do it, once I showed her the button. We're not talking rocket science here, or any kind of deeply complex problem that takes years of study to master. You don't even need a VM to browse safely, you just have to not run things thrust in your face. If browsers would just ship with the default of not running things unless whitelisted, most of these problems would disappear. Would most people let any stranger into their house at any time for any reason? No? Then they need to stop doing that with their computers.

The tools already exist. People just have to use them. The device is a Turing machine and the only way to stay safe is by using it in a responsible manner. We need to start expecting that, just like we expect people not to drive while drunk or barrel through a residential area at 80 MPH or haphazardly fire guns toward innocent bystanders. Social responsibility applies to the internet just like it does to real life. We have to start demanding it of people.

Re:cyber attacks are launched from botnets, ergo.. (0)

grumbel (592662) | more than 3 years ago | (#34148834)

The tools already exist. People just have to use them.

The tools do not exist, some bare framework exists from which it is possible to replicate some effects from a proper sandbox, but that's all. I seriously doubt that you go out and build an AppArmor profile for every little app you want to run, heck, even the distris don't bother with that and only put a tiny small fraction of apps into AppArmor.

If browsers would just ship with the default of not running things unless whitelisted, most of these problems would disappear.

While whitelisting would certainly help, a proper secure OS shouldn't have an issue with running insecure code in the first place, that's the whole point of a sandbox after all.

The device is a Turing machine and the only way to stay safe is by using it in a responsible manner.

Turing completeness has nothing to do with security.

Re:cyber attacks are launched from botnets, ergo.. (1)

Durandal64 (658649) | more than 3 years ago | (#34148958)

No, we need OS that don't give every app access to the full system. Why is there no OS today that allows you to run an application in an isolated sandbox?

It's called iOS. Also, Mac OS X has sandbox-exec(1).

Re:cyber attacks are launched from botnets, ergo.. (0)

Anonymous Coward | more than 3 years ago | (#34149432)

sandbox-exec(1)

Going off-topic for a moment here, sorry.

What exactly does that (1) mean?

Re:cyber attacks are launched from botnets, ergo.. (1)

laffer1 (701823) | more than 3 years ago | (#34149742)

Section 1 of the manual. In other words, run
man sandbox-exec on Mac OS to find out about it!

you'd see:

NAME
          sandbox-exec -- execute within a sandbox

SYNOPSIS
          sandbox-exec [-f profile-file] [-n profile-name] [-p profile-string] [-D key=value ...] command
                                    [arguments ...]

DESCRIPTION
          The sandbox-exec command enters a sandbox using a profile specified by the -f, -n, or -p option and executes
          command with arguments.

Re:cyber attacks are launched from botnets, ergo.. (1)

SwedishPenguin (1035756) | more than 3 years ago | (#34149764)

It's the section the manpage is in. For instance, printf(1) refers to the program printf, and printf(3) refers to the C function printf. You can search a specific section with man , so man 3 printf will result in the Linux Programmer's Manual entry for printf on my machine.

Re:cyber attacks are launched from botnets, ergo.. (1)

MrMr (219533) | more than 3 years ago | (#34153510)

The command is explained in section 1 of the man pages.
You would say 'sandbox (8)' for redhat (default SELinux enabled) systems. Claiming no OS today allows you to run an application that way is just a bit of friendly trolling.

Re:cyber attacks are launched from botnets, ergo.. (1)

TheLink (130905) | more than 3 years ago | (#34153870)

Claiming no OS today allows you to run an application that way is just a bit of friendly trolling.

I think he still has a point because: How does Joe Public easily use "sandbox" for an arbitrary program he just downloaded and have the program actually work if the program is actually safe...

The people who can easily figure out 1) and 2) typically need sandboxes less than Joe Sixpack :).

I have actually proposed this: https://bugs.launchpad.net/ubuntu/+bug/156693 [launchpad.net]

Just because there's SELinux and AppArmor doesn't mean much, they're the equivalent of security doors, locks, walls and safes. They are the building blocks, someone has to build a few default rooms for people to run stuff in, and ones which are actually secure.

I have seen an Ubuntu default AppArmor template for Firefox that really doesn't prevent a pwned firefox instance from accessing the user's documents - it only blacklists access to specific areas, it doesn't whitelist.

p.s. do you have a link to the sandbox(8) man page? I can't seem to find it.
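
The blacklist-versus-whitelist difference described in the comment above, as an added example that is not part of the original thread and is not Ubuntu's actual Firefox profile: two constructed AppArmor profiles showing the home-directory file rules for a hypothetical binary. The binary path, profile names and the `.example-browser` state directory are assumptions.

```apparmor
# Constructed example, not a shipped profile. Binary path, profile names and
# the state directory are hypothetical. The two profiles are alternatives for
# the same binary: load one or the other, not both.
#include <tunables/global>

# Pattern A: broad grant plus deny-list.
profile example-browser-denylist /usr/bin/example-browser {
  #include <abstractions/base>

  /usr/bin/example-browser mr,
  /usr/lib/example-browser/** mr,

  # Grants the whole home directory ...
  owner @{HOME}/** rw,

  # ... then carves out the locations someone thought of.
  deny @{HOME}/.ssh/** rw,
  deny @{HOME}/.gnupg/** rw,

  # Result: @{HOME}/Documents/**, mail stores, other applications' config
  # and anything created later stay readable and writable by a
  # compromised browser process.
}

# Pattern B: allow-list. AppArmor refuses file access that no rule grants,
# so the profile names only what the browser needs.
profile example-browser-allowlist /usr/bin/example-browser {
  #include <abstractions/base>

  /usr/bin/example-browser mr,
  /usr/lib/example-browser/** mr,

  # The browser's own state directory (hypothetical location).
  owner @{HOME}/.example-browser/ rw,
  owner @{HOME}/.example-browser/** rwk,

  # One directory for downloads and uploads.
  owner @{HOME}/Downloads/ r,
  owner @{HOME}/Downloads/** rw,

  # No rule covers @{HOME}/Documents/**, so in enforce mode access there
  # is refused and logged as DENIED.
}
```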

Re:cyber attacks are launched from botnets, ergo.. (1)

u38cg (607297) | more than 3 years ago | (#34148444)

One easy answer to the question of how to make hard things happen (for example, making sure people run secure computers) is to mandate insurance for it. It's not a particularly liberal system, but if you can demonstrate to an insurer how you have mitigated the risk you are insuring against, you get a lower rate. Insert obligatory car analogy here.

How is this different from a DDoS sim/pen test? (2, Interesting)

mlts (1038732) | more than 3 years ago | (#34147888)

How is a mock cyberwar different from a DDoS simulation from the outside and other points, combined with a thorough penetration test?

A thorough pen test doesn't just scan ports and call it a night, the testers call employees pretending to be IT or managers and demand/browbeat for access, either to be handed a password for "auditing" reasons, or because the main IT people are supposedly gone for the day and a remote OEM needs access. I have even seen some thorough pen tests actually drop U3 USB flash drives in the parking lot that if autorun, would note which machine got "compromised".

I just don't see anything here that is different from hiring a thorough tiger team to test every piece of an organization's security (which companies should do at random times throughout the year.)

Re:How is this different from a DDoS sim/pen test? (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34147914)

How is a mock cyberwar different from a DDoS simulation from the outside and other points, combined with a thorough penetration test?

I think it sounds more expensive when you say "mock cyberwar".

Re:How is this different from a DDoS sim/pen test? (1)

mlts (1038732) | more than 3 years ago | (#34147998)

To boot, if I were at a multi-site organization, one of the disaster plans would be getting the word out to CHQ if one of the data centers was being attacked. The DR plan would be getting in communication with the other site via another link such as a secure telephony app. This way the message would get out about being slammed from an unknown source, either as part of a drill, or as a reaction to a vicious attack. Smaller businesses that don't have the VoIP structure or the need to be on the Net 24/7/365 can just unplug the network core from the edge routers until things blow over.

Getting the word out could be as simple as calling HQ or other branches on a cell phone and using a code word or two that a third party eavesdropper wouldn't know about, or it might be using a private physical link just for this purpose that is not connected to any other network, not even the corporate LAN.

Re:How is this different from a DDoS sim/pen test? (0)

Anonymous Coward | more than 3 years ago | (#34148544)

Because it's a test done by governments, only the test results are carefully planned. A simulation sounds too much like the result could be unpredictable.

Re:How is this different from a DDoS sim/pen test? (0)

Anonymous Coward | more than 3 years ago | (#34149034)

I just don't see anything here that is different from hiring a thorough tiger team to test every piece of an organization's security (which companies should do at random times throughout the year.)

No you don't see the problem in hiring external tiger teams to probe your organization's security. A rogue tiger team would be the ultimate penetration test.

Re:How is this different from a DDoS sim/pen test? (1)

Linzer (753270) | more than 3 years ago | (#34149556)

How is a mock cyberwar different from a DDoS simulation from the outside and other points, combined with a thorough penetration test?

Don't tell me. It's been a while since I was treated to one of those...

Re:How is this different from a DDoS sim/pen test? (1)

TaoPhoenix (980487) | more than 3 years ago | (#34153892)

Because a mock cyberwar across all of Europe is a "measure to test preparedness". However when Mitchell L. Frost, age 23, of Bellevue, Ohio admitted that between August 2006 and March 2007, he initiated denial of service (measures to test the preparedness) on web servers hosting the sites of political commentators Bill O'Reilly, Rudy Giuliani, and Ann Coulter, they were so pleased with his services that they threw him in jail.

In other words, "Global Cybernuclear War" is a test, while a coke can with baking soda and vinegar is a "terrorist threat" that will land you in jail.

help? (1, Interesting)

Anonymous Coward | more than 3 years ago | (#34147906)

At which point in their simulation are they planning on having USA saving their asses?

Re:help? (5, Informative)

Anonymous Coward | more than 3 years ago | (#34148050)

About 4 years later, and after Russia's done 75% of the work...

Re:help? (1)

Verunks (1000826) | more than 3 years ago | (#34149484)

About 4 years later, and after Russia's done 75% of the work...

you mean after russia helped the attackers doing 75% of the work? http://en.wikipedia.org/wiki/Soviet_invasion_of_Poland [wikipedia.org] http://en.wikipedia.org/wiki/Molotov-Ribbentrop_Pact [wikipedia.org]

Re:help? (1)

dunkelfalke (91624) | more than 3 years ago | (#34149814)

the soviet invasion of poland was just russia getting back its former territories which poland has taken two decades earlier when they invaded the still young ussr.

Re:help? (0)

Anonymous Coward | more than 3 years ago | (#34149934)

From your first "Soviet Invasion" link, Polish dead 3,000-7,000. From another wikilink [wikipedia.org] total Polish dead 5,620,000 to 5,820,000.
That's not even close to 0.75%

The USA is not clean of dealing with the Nazis [guardian.co.uk], either.

"the red army decided the fate of german militarism." w. churchill. [timesonline.co.uk]

And the overall price paid in military dead? USA: 416,800 Yugoslavia: 446,000 (first link, again [wikipedia.org])

Re:help? (1)

evilviper (135110) | more than 3 years ago | (#34150254)

Just because Russia's done 75% of the dying doesn't mean they've accomplished an equivalent amount of the progress.

In the US-Afghan war, did the Taliban do 1000% of the work? Because the casualties work out about that way...

Re:help? (1)

Super_Z (756391) | more than 3 years ago | (#34152900)

Just because Russia's done 75% of the dying doesn't mean they've accomplished an equivalent amount of the progress.

Comparing total german losses [wikipedia.org] (5,533,000) to german losses on the eastern front [wikipedia.org] (4,215,000) shows that the Soviets indeed did the "equivalent amount of the progress.".

Re:help? (1)

jovius (974690) | more than 3 years ago | (#34152960)

The arrogance and selfishness lead astray a bit. The war wasn't won by just massing in troops but also because of the tactical and strategic mistakes by Germany. One can claim whatever, but the things just happened to go like that with help from the German leadership. The nationalist fervor is based on a false pretense. We should have gotten rid of it already after we killed each other by millions, but the winning states divided the world between each other and locked into trenches.

One of the founding ideas of the EU is to prevent that kind of wars and thinking happening again.

Re:help? (1, Interesting)

Anonymous Coward | more than 3 years ago | (#34148384)

After America spends years ignoring the biggest threat to civilisation ever, only responds when America's threatened, and then contributes a tiny amount of resource (both as a total compared to USSR, Britain, France, Canada, and as a % of their size) and then goes on and on about it for ever. Just like WW2 then.

What USA? (0)

Anonymous Coward | more than 3 years ago | (#34149150)

It's set in the future, there is no USA to speak of. China's the enemy, Russia's our friend.

The independent nations of Texas and California were too busy cleaning up at home, but the Islamic Republic of Jerusalem did send some observers.

P.S. Thanks for making it easy to hate young Americans, it's not like you know anything about the real history of WWII. The British and Russians did all the heavy lifting, they're the ones who won the war!

Re:help? (0)

Anonymous Coward | more than 3 years ago | (#34150144)

The French have to surrender, the Italians have to switch sides (again), and the Spanish and Portuguese have to claim neutrality while secretly helping the enemy first.

See (-1, Troll)

antifoidulus (807088) | more than 3 years ago | (#34147916)

If niggers stuck to their own kind there wouldn't be any problem, but Instead they use all the money they leech off the non subhuman races to get lots of free time to spread their inferior seed as much as possible. So us productive people are left to support half niggers and the morons who breed with dudes with no employment prospects, a criminal record etc. Why we have this culture of nigger worship is beyond me. We should reenact the miscegenation laws to make sure the nigger cannot pollute our seed anymore,

Re:See (2, Funny)

Anonymous Coward | more than 3 years ago | (#34147962)

I think you replied to the wrong post.

Might want to check on that.

Re:See (1)

AnonymousClown (1788472) | more than 3 years ago | (#34148140)

... the morons who breed with dudes with no employment prospects, ...

Getting that MBA seemed to be a good idea at the time. Gimme a break!

Re:See (1)

bhiestand (157373) | more than 3 years ago | (#34152748)

GNAA member forgets to click "Post Anonymously"? Classic.

De-friended... I'll try to remember to link to your post whenever you spout your normal anti-Obama rhetoric, etc.

they never call these things what they really are (1)

PJ6 (1151747) | more than 3 years ago | (#34148064)

These are feasibility studies where defense is only a secondary consideration. Next we will see several small but notable "cyber attack" events that will justify increased funding to the biggest players.

Wrong Continent (0)

Anonymous Coward | more than 3 years ago | (#34150158)

Stop projecting your ideas of how the American system works on a European project.

We're not like you at all, your preconceived notions don't apply here.

It's amusing to read your complaints knowing that you are blind to the fact that other places do not operate according to the rules you are obviously used to.

Re:Wrong Continent (1)

PJ6 (1151747) | more than 3 years ago | (#34150860)

It's always been that way, everywhere, with almost no exception.

You have a right to be angry, but it won't change anything.

Ah stop it! (1)

McTickles (1812316) | more than 3 years ago | (#34148206)

This is why my leeching was very slow! Bastards! stop playing your little wargames so I can leech pr0n in peace

Peace protests (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34148270)

Make cyber-sex, not cyber-war!

Can simulate all wars, instead of fighting them? (2, Interesting)

PolygamousRanchKid (1290638) | more than 3 years ago | (#34148308)

Sure would save a lot of lives, materials and money. Oh, wait, they tried that on Star Trek and it ended in tears, until Captain Kirk shut down the simulation.

cyber - nonsense (2, Insightful)

drDugan (219551) | more than 3 years ago | (#34148346)

the whole cyber- prefix is getting old and useless.

cyber-crime (it's crime)
cyber-war (it's war)
cyber-stalking (it's stalking)
cyber-bullying (it's bullying)

you get the picture.

Re:cyber - nonsense (1)

Scorch_Mechanic (1879132) | more than 3 years ago | (#34152066)

It was old and useless the instant the internet came online (hah), simply because it's a buzz word that means "internet". Hell, it's a full blown euphemism. It's like the people using it feel like being caught saying "internet" will somehow damage their careers, so they do a dainty dance around the issue, instead of calling it what it is. The only cyber-whatsits I want to hear about anymore are robotic prosthesis and brain interfaces.

Re:cyber - nonsense (0)

Anonymous Coward | more than 3 years ago | (#34152298)

cyber-theft?

just saying.

Re:cyber - nonsense (1)

TeknoHog (164938) | more than 3 years ago | (#34153414)

Cybernetics deals with robotics and other control/feedback systems. What kind of a genius decided that it would be a good name for doing things on the Internet?

Re:cyber - nonsense (0)

Anonymous Coward | more than 3 years ago | (#34159484)

But...

cyber-sex is not sex

sorry /. guys

Europe simulates total cyber war (3, Funny)

David Gerard (12369) | more than 3 years ago | (#34148604)

WEB 0.1, Cyberspice, Saturday (NTN) — The European Union has run a simulated "cyber attack," in which simulated outsourcing companies strike mortal blows upon national budgets [newstechnica.com] for consulting fees for "cyber security" while still using Windows.

The simulation steadily reduced access to critical services to gauge how nations react, removing access to working email, letting loose old viruses and charging €300 callout fees to look at why you can't log in.

Neelie Kroes, European commissioner for the digital agenda, said the exercise was intended to help expose short-comings in existing procedures for combating attacks on funding. "It is an important first step towards working together to combat potential online threats to essential infrastructure and the consulting fees therefrom."

The exercise also tested how nations work together to avoid a complete shut-down of international links when internet service providers charge £50/month for a "super-fast" connection with a 20GB bandwidth cap.

The exercise was overseen by bouncing new baby quango the European Network Security Agency. "We considered just bombing Redmond, Washington from orbit, which simulations showed would have pretty much solved all attacks over the network itself," said Dr Udo Helmbrecht, most recently of outsourcing firm EDS Capita Goatse. "But we're not so silly as to put ourselves out of a job."

fpK fucker!! (-1)

Anonymous Coward | more than 3 years ago | (#34149092)

which gathers Jesus Up The the wind appeared are about 7000/5 FreeBSD went out 486/66 with 8 stupid. To the something that you I type this. shit-filled, very own shitter, purposes *BSD is mire of decay, something cool and easy - only rules Are This It there. Bring fucking surprise, Haapen. 'At least the gay niggers And she ran from the FreeBSD reciprocating NIGGER ASSOCIATION Usenet is roughly I type this. happiness Another

fcp (0)

Anonymous Coward | more than 3 years ago | (#34149306)

Couldn't something on a huge scale like an internap fcp, be able to detect congestion or an attack and be programmed to just continuously rotate providers and routes as needed?
